Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

/in

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog.
Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.
“The Hellhounds group compromises organizations they select and

The Hacker News – ​Read More

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

/in

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Security Latest – ​Read More

Ukraine Hit by Cobalt Strike Campaign Using Malicious Excel Files

/in

Beware Macro! Ukrainian users and cyberinfrastructure are being hit by a new malware campaign in which hackers are…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

NIST Commits to Plan to Resume NVD Work

/in

The agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and partnership with CISA.

darkreading – ​Read More

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

/in

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users.
The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0.
“In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or

The Hacker News – ​Read More

Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover

/in

The US broadband provider fixed an issue that allowed attackers to gain access to business customers’ modems, and then access info and execute commands with the same permissions of an ISP support team.

darkreading – ​Read More

Perfecting the Proactive Security Playbook

/in

It’s more important than ever for organizations to prepare themselves and their cybersecurity postures against known and unknown threats.

darkreading – ​Read More

Details of Atlassian Confluence RCE Vulnerability Disclosed

/in

SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence.

The post Details of Atlassian Confluence RCE Vulnerability Disclosed appeared first on SecurityWeek.

SecurityWeek – ​Read More

NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain

/in

The agency aims to burn down the backlog of vulnerabilities that need enrichment using additional funding and a third-party contract, but what’s the long-term solution?

darkreading – ​Read More